User Interface Access Control

You can limit computer access to the Secure Email Gateway Web Interface and Server Console Interface by specifying a set of rules for IP address or address ranges that are either denied or allowed access.

Secure Email Gateway applies the first rule that matches the connecting address. To provide a default access rule, add a * entry at the end of the list.

 

If there are no entries in the list, Secure Email Gateway allows all addresses to connect on HTTPS.

If you place entries in the list, Secure Email Gateway denies access to any addresses that do not match an entry in the list.

We recommend that you provide a default policy by adding a "* Deny" entry at the bottom of the list.

We recommend that you do not use a proxy to access the Web Interface.

Add user interface access rules

  1. Navigate to System > Gateway Settings > User Interface Access Control. The User Interface Access Control page is displayed.
  2. Click New adjacent to the Hosts heading. The Add Host dialog appears in the task panel.

  3. In the Add Host dialog, specify a host IP address or IP address range. You can specify a range of IP addresses using an asterisk (*) to represent an octet consisting of any numbers. Use one of the following formats to define an IP address range:

    nnn.nnn.nnn.*

    nnn.nnn.*

    nnn.*

    You may not specify anything after the asterisk.

      You can deny (or allow) all external hosts by entering a single asterisk character *. This action will not apply to hosts which have already been specified access.
  4. Indicate whether the specified address or range of addresses is to be denied or allowed access.
  5. Click Add. This adds the rule to the Access Controls list.
  6. Repeat steps 3 to 5 as required for additional hosts.

  7. If necessary, change the relative priority of the rules:

    • Select an entry in the list.
    • Click or , as required.

  8. Apply the new configuration.

      You might want to include (and allow) the IP address of your firewall in the list of user interface access rules. This allows ICMP traffic, which may be blocked if the firewall is unrecognized.

Edit a user interface access rule

  1. Navigate to System > Gateway Settings > User Interface Access Control. The User Interface Access Control page is displayed. This page lists the existing access rules.

  2. To change the relative priority of an entry:

    • Select an entry in the list.
    • Click or , as required.

  3. To edit the details of an entry:

    • Select the entry you wish to modify.
    • Click Edit adjacent to the Hosts heading.
    • In the Edit Host dialog, specify a host IP address or IP address range. You can specify a range of IP addresses using an asterisk (*) to represent an octet consisting of any numbers. For examples, see step 4 above.
    • Indicate whether the specified address or range of addresses is to be denied or allowed access.
    • Click Update. This adds the change to the Access Controls list.

  4. To remove an entry from the list:

    • Select the entry you wish to remove.
    • Click Delete adjacent to the Hosts heading.
    • Click Yes in the Confirm Delete dialog to confirm the removal.

  5. To change access permission:

    • Select the entry you wish to change.
    • Click Allow or Deny adjacent to the Hosts heading.
  6. Apply the new configuration.

Enable auto-completion of credentials

  1. Navigate to System > Gateway Settings > User Interface Access Control. The User Interface Access Control page is displayed. This page lists the existing access rules.
  2. Move the mouse-pointer over the Browser Auto-Complete Settings area and click Click here to change these settings.
  3. Select the check box to Enable browser auto-completion of login credentials. This enables the browser to auto-complete the login credentials of allowed users.
  4. Apply the new configuration.

See also...